CVE-2013-2174

Related Files

Gentoo Linux Security Advisory 201401-14

Posted Jan 20, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422

MD5 | 3ce972737b30b0c5dc026e59570caab5

Download | Favorite | View

Ubuntu Security Notice USN-1894-1

Posted Jul 2, 2013

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2013-2174

MD5 | 64cb425c8db8d0271efc95c1417a28ab

Download | Favorite | View

Mandriva Linux Security Advisory 2013-180

Posted Jun 27, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-180 - libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller. The updated packages have been patched to correct this issue.

tags | advisory

systems | linux, mandriva

advisories | CVE-2013-2174

MD5 | ce001f7e3f8ac0ca3d741d058b0161c2

Download | Favorite | View

Red Hat Security Advisory 2013-0983-01

Posted Jun 25, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, protocol

systems | linux, redhat

advisories | CVE-2013-2174

MD5 | d19c014f0dea84b64804cd3dc62b3167

Download | Favorite | View

Debian Security Advisory 2713-1

Posted Jun 24, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2713-1 - Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function.

tags | advisory, overflow

systems | linux, debian

advisories | CVE-2013-2174

MD5 | dc1cd459b62ba5a013c0d494842e444b

Download | Favorite | View

Slackware Security Advisory - curl Updates

Posted Jun 24, 2013

Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2174.

tags | advisory

systems | linux, slackware

advisories | CVE-2013-2174

MD5 | 49fcda0965ed7330fe5937c109da44e1

Download | Favorite | View